Envilder – Secure AWS SSM CLI for Environment Variable Management
Envilder 是一个轻量级 Go 工具,从 AWS SSM 参数存储获取环境变量并设置到本地 shell 或 .env 文件中。它支持路径筛选、实时更新、无缓存,并提供简单高效的配置管理方案。 2025-6-16 12:0:27 Author: www.darknet.org.uk(查看原文) 阅读量:3 收藏

Envilder is a lightweight, command-line utility written in Go that fetches environment variables from AWS Systems Manager (SSM) Parameter Store and sets them in your local shell or writes them to .env files. It’s intended to enforce single-source-of-truth practices for configuration management without over-engineering.

Envilder - Secure AWS SSM CLI for Environment Variable Management

Unlike tools that require a secrets backend, vaults, or CI/CD integrations, Envilder is a standalone, fast, and developer-friendly solution designed for day-to-day use by developers or deployment automation.

Core Features

  • Fetches AWS SSM Parameters with path-based scoping
  • Exports to .env files for use in local development or container environments
  • Sets live shell environment variables
  • Avoids parameter value caching to ensure fresh pulls
  • Written in Go, offering native binaries with no dependencies

Installation

Download pre-built binaries from the GitHub Releases page.

Or install with Go:

go install github.com/macalbert/envilder@latest

Usage Examples

Set shell environment variables from an SSM path:

Write environment variables to a .env file:

envilder /myapp/dev > .env

The command recursively fetches all key-value pairs under the given path, trims the prefix, and formats them for export.

Example SSM Keys:

  • /myapp/dev/DB_USER
  • /myapp/dev/DB_PASS

Becomes:

DB_USER=admin

DB_PASS=s3cr3t

Use Cases

  • Developer onboarding – instantly pull the correct environment configs per stage
  • CI bootstrap – safely initialise jobs with ephemeral secrets from SSM
  • Local testing parity – ensure development mirrors production configuration
  • Configuration sanity – replace hardcoded .env values and .bashrc clutter

Security Considerations

  • Requires standard IAM credentials with ssm:GetParametersByPath access
  • Does not store secrets locally unless redirected to .env
  • Use with session-based credentials or limited-scope IAM roles for defence-in-depth

Pros and Cons

Pros

  • Simple and transparent
  • No infra, vault, or secrets manager dependencies
  • Fast and works well with modern toolchains

Cons

  • AWS-only (no support for GCP Secret Manager or Azure Key Vault)
  • Doesn’t support parameter decryption out of the box (you must allow decrypted values in SSM)
  • No UI or rotation scheduling

Final Thoughts

If you’re tired of .env rot or teams copying secrets between environments, Envilder is a welcome addition. It allows you to define configurations centrally in AWS SSM and access them securely and repeatably from anywhere. Ideal for modern development shops seeking minimal complexity with maximum clarity.

You can read more or download Envilder here: https://github.com/macalbert/envilder

Reader Interactions


文章来源: https://www.darknet.org.uk/2025/06/envilder-secure-aws-ssm-cli-for-environment-variable-management/
如有侵权请联系:admin#unsafe.sh